Researcher publishes PoC for CVE-2020-13935 Apache Tomcat WebSocket DoS Vulnerability
Vulnerability Detail
The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
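To make the class of bug concrete from the defender's side, the following is an added example (not Tomcat's code, and not taken from the PoC) of the payload-length checks an RFC 6455 frame reader needs. Each branch of the length decoding either yields a valid, bounded length or raises and stops the reader, so a header that reads as a negative or oversized length cannot keep the reader spinning on the same bytes. The `MAX_PAYLOAD` limit and all sample frames are constructed for this example.

```python
"""Validating WebSocket frame payload lengths per RFC 6455 section 5.2.

Added example, not Tomcat's implementation. The frame reader must reject
invalid payload lengths (MSB set in the 64-bit form, which is negative when
read into a signed long; non-minimal encodings; over-long control frames)
instead of treating them as data still to be read.
"""
import struct

MAX_PAYLOAD = 1 << 20  # hypothetical per-message limit (1 MiB) for this example


class FrameError(ValueError):
    """Protocol violation: the endpoint fails the connection (close code 1002)."""


def parse_frame_header(buf: bytes) -> dict:
    """Decode one frame header from the start of buf, validating the length."""
    if len(buf) < 2:
        raise FrameError("frame header needs at least 2 bytes")
    b0, b1 = buf[0], buf[1]
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    pos = 2
    if length == 126:
        if len(buf) < 4:
            raise FrameError("truncated 16-bit payload length")
        length = struct.unpack(">H", buf[2:4])[0]
        pos = 4
        if length < 126:
            raise FrameError("non-minimal 16-bit length encoding")
    elif length == 127:
        if len(buf) < 10:
            raise FrameError("truncated 64-bit payload length")
        length = struct.unpack(">Q", buf[2:10])[0]
        pos = 10
        # RFC 6455: the most significant bit MUST be 0. A signed 64-bit
        # reader sees this value as negative, so it must be rejected here.
        if length >> 63:
            raise FrameError("64-bit payload length has MSB set")
        if length < 0x10000:
            raise FrameError("non-minimal 64-bit length encoding")
    if opcode >= 0x8 and length > 125:
        raise FrameError("control frame payload exceeds 125 bytes")
    if length > MAX_PAYLOAD:
        raise FrameError(f"payload length {length} exceeds limit {MAX_PAYLOAD}")
    if masked:
        pos += 4  # 32-bit masking key follows the length
    return {"fin": bool(b0 & 0x80), "opcode": opcode, "masked": masked,
            "payload_len": length, "header_len": pos}


def classify(buf: bytes) -> str:
    """Return a one-line verdict for a frame header (handy for log lines)."""
    try:
        h = parse_frame_header(buf)
    except FrameError as e:
        return f"rejected: {e}"
    return f"ok opcode={h['opcode']} payload_len={h['payload_len']} header_len={h['header_len']}"


def process_stream(data: bytes) -> list:
    """Walk consecutive unmasked frames. Every iteration consumes bytes or stops."""
    results, pos = [], 0
    while pos < len(data):
        try:
            h = parse_frame_header(data[pos:])
        except FrameError as e:
            results.append(f"rejected: {e}")
            break  # fail the connection; never re-read the same bytes
        end = pos + h["header_len"] + h["payload_len"]
        if end > len(data):
            results.append("incomplete frame, wait for more bytes")
            break
        results.append((h["opcode"], data[pos + h["header_len"]:end]))
        pos = end
    return results


# Constructed sample frames (unmasked, as a server would not normally see them,
# but sufficient to exercise the length checks).
SAMPLE_FRAMES = {
    "text_hello": bytes([0x81, 0x05]) + b"hello",
    "binary_300": bytes([0x82, 126]) + struct.pack(">H", 300) + b"\x00" * 300,
    "msb_set": bytes([0x82, 127]) + b"\xff" * 8,
    "non_minimal": bytes([0x82, 126, 0x00, 0x05]) + b"\x00" * 5,
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:12s} {classify(frame)}")
```

The `process_stream` loop is the part that matters for availability: the reader either advances `pos` or exits, and a rejected header ends the connection rather than being retried. A per-message cap such as `MAX_PAYLOAD` belongs alongside the protocol checks so that even well-formed but enormous lengths cannot commit the server to unbounded buffering.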
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104
Mitigation:
– Upgrade to Apache Tomcat 10.0.0-M7 or later
– Upgrade to Apache Tomcat 9.0.37 or later
– Upgrade to Apache Tomcat 8.5.57 or later